
EXAM # 5 |
90 questions • 7 months ago
  • The R.S.S.H Delivery Company

    Question list

  • 1

    What does a Cross-Site Scripting (XSS) vulnerability allow an attacker to do?

    - Inject malicious scripts into web pages viewed by other users

  • 2

    In the aftermath of a security incident, you as an incident responder have documented a series of recommended actions to prevent similar occurrences in the future. Where would these recommendations typically be documented in an incident response report?

    - In the recommendations section

  • 3

    When assessing risks to your organization's IT infrastructure, which framework allows for prioritization based on the potential impact of threats?

    - NIST's Cybersecurity Framework

  • 4

    A cybersecurity analyst is reviewing the DNS logs for his company's networks and sees the following output: /// Based on this potential indicator of compromise (IoC), which of the following hypotheses should you make to begin threat hunting?

    - Fast flux DNS is being used for an attacker's C2

  • 5

    A recent threat has been announced in the cybersecurity world, stating a critical vulnerability in a particular operating system's kernel. Unfortunately, your company has not maintained a current asset inventory, so you are unsure of how many of your servers may be affected. What should you do to find all of the affected servers within your network?

    - Conduct an OS fingerprinting scan across the network

  • 6

    During the 2017 WannaCry ransomware attack, cybersecurity professionals across organizations globally rushed to contain the spread and impact of the ransomware. In this effort, they used a variety of software solutions designed to detect, analyze, and respond to security incidents. A popular open-source platform that provides comprehensive capabilities for network traffic analysis and log management was used extensively. What is the name of this platform?

    - Security Onion

  • 7

    You suspect that a service called explorer.exe on a Windows server is malicious, and you need to terminate it. Which of the following tools would NOT be able to terminate it?

    - secpol.msc

  • 8

    Which of the following agreements is used between companies and employees, between companies and contractors, and between two companies to protect information assets?

    - NDA

  • 9

    The IT department of Kelly’s CodeLab Innovations has discovered a system vulnerability. The vulnerability has a medium likelihood of being exploited and if exploited, could lead to significant data loss. Which of the following is the MOST reasonable course of action?

    - Investigate and prioritize the vulnerability based on its potential impact on the affected hosts

  • 10

    In a scenario where an organization has implemented a strict change management policy, how might this policy influence the process of remediating identified vulnerabilities?

    - By creating bureaucratic delays in implementing necessary patches and updates

  • 11

    Jonathan’s team completed the first phase of their incident response process. They are currently assessing the time to recover from the incident. Using the NIST recoverability effort categories, the team has decided to predict the time to recover, but this requires additional resources. How should he categorize this using the NIST model?

    - Supplemented

  • 12

    What kind of security vulnerability would a newly discovered flaw in a software application be considered?

    - Zero-day vulnerability

  • 13

    Which of the following provides a cryptographic authentication mechanism to positively identify an organization as the authorized sender of email for a particular domain name?

    - DKIM

  • 14

    Your company is adopting a cloud-first architecture model. Management wants to decommission the on-premises SIEM your analysts use and migrate it to the cloud. Which of the following is the most serious issue with using this approach?

    - Legal and regulatory issues may prevent data migration to the cloud

  • 15

    You are conducting a code review of a program and observe that the calculation 0xffffffff + 1 was attempted, but the result was returned as 0x0000000. Based on this, what type of exploit could be created against this program?

    - Integer overflow attack

  • 16

    During a vulnerability scan of your network, you identified a vulnerability on an appliance installed by a vendor on your network under an ongoing service contract. You do not have access to the appliance's operating system as the device was installed under a support agreement with the vendor. What is your best course of action to remediate or mitigate this vulnerability?

    - Contact the vendor to provide an update or to remediate the vulnerability

  • 17

    Evaluate the following log entry: /// Based on this log entry, which of the following statements are true?

    - An attempted connection to the telnet service was prevented
    - The packet was blocked inbound to the network

  • 18

    What is a reverse proxy commonly used for?

    - Directing traffic to internal services if the contents of the traffic comply with the policy

  • 19

    Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement?

    - Deploy a new group policy

  • 20

    Consider the following REGEX search string: /// Which of the following strings would NOT be included in the output of this search?

    - 37.259.129.207

  • 21

    You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security?

    - Defense in depth

  • 22

    Edward's bank recently suffered an attack where an employee made an unauthorized modification to a customer's bank balance. Which tenet of cybersecurity was violated by this employee's actions?

    - Integrity

  • 23

    You have just returned from a business trip to a country with a high intellectual property theft rate. Which of the following precautions should you take before reconnecting your laptop to your corporate network? (SELECT TWO)

    - The laptop should be physically inspected and compared with images made before you left
    - The laptop should be scanned for malware

  • 24

    You just visited an e-commerce website by typing in its URL during a vulnerability assessment. You discovered that an administrative web frontend for the server's backend application is accessible over the internet. Testing this frontend, you discovered that the default password for the application is accepted. Which of the following recommendations should you make to the website owner to remediate this discovered vulnerability? (SELECT THREE)

    - Require two-factor authentication for access to the application
    - Whitelist all specific IP blocks that use this application
    - Change the username and default password

  • 25

    Why is it important to analyze time to detect?

    - Allows for measurable evaluation of the effectiveness of the vulnerability management process

  • 26

    A cybersecurity analyst conducts an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?

    - Privacy breach

  • 27

    Which of the following roles should be assigned to the incident response team? (SELECT FOUR)

    - Management
    - Legal
    - Public relations
    - Human resources

  • 28

    You're examining system logs for potential security incidents when you encounter the following command: nc -lvnp 4444 -e /bin/bash What does this command suggest?

    - Potential Reverse Shell

  • 29

    During the Sony Pictures hack in 2014, the attackers installed a wiper malware named Destover on Sony's systems to erase data. Which phase of the Cyber Kill Chain does this represent?

    - Installation

  • 30

    Your organization is preparing for its required quarterly PCI DSS external vulnerability scan. Who is authorized to perform this scan?

    - Only an approved scanning vendor

  • 31

    If an administrator cannot fully remediate a vulnerability, which of the following should they implement?

    - A compensating control

  • 32

    Which of the following would be used to prevent a firmware downgrade?

    - eFUSE

  • 33

    You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses self-encrypting drives as part of its default configuration. As you begin the eradication and recovery phase, you must sanitize the storage devices' data before restoring the data from known-good backups. Which of the following methods would be the most efficient to use to sanitize the affected hard drives?

    - Perform a cryptographic erase (CE) on the storage devices

  • 34

    What tool can be used as an exploitation framework during your penetration tests?

    - Metasploit

  • 35

    During which incident response phase is the preservation of evidence performed?

    - Containment, eradication, and recovery

  • 36

    In incident management, which post-incident activity is often required when a legal investigation is expected, and involves meticulous examination of all evidence related to the incident?

    - Forensic analysis

  • 37

    A cybersecurity analyst is reviewing the logs of an authentication server and sees the following output: /// What type of attack was most likely being attempted by the attacker?

    - Brute force

  • 38

    Susan is worried about the security of the master account associated with a cloud service and the access to it. This service is used to manage payment transactions. She has decided to implement a new multifactor authentication process where one individual has the password to the account, and another user in the accounting department has a physical token for the account. To log in to the cloud service with this master account, both users would need to come together. What principle is Susan implementing by using this approach?

    - Dual control authentication

  • 39

    Which of the following types of output encoding is being used in the following output? ///

    - Base64

  • 40

    Which of the following vulnerabilities can be prevented by using proper input validation? (SELECT ANY THAT APPLY)

    - XML injection
    - SQL injection
    - Directory traversal
    - Cross-site scripting

  • 41

    Julie was just hired to conduct a security assessment of Dion Training’s security policies. During her assessment, she noticed that many users were sharing group accounts to conduct their work roles. Julie recommended that the group accounts be eliminated and instead have an account created for each user. What improvement will this recommended action provide for the company?

    - Increase individual accountability

  • 42

    If a company's Service Level Objectives (SLOs) mandate that critical vulnerabilities be patched within a specific timeframe, why would monitoring adherence to this SLO be a valuable Key Performance Indicator (KPI) for vulnerability management?

    - To measure the effectiveness of the vulnerability management program

  • 43

    A healthcare facility is using a proprietary Electronic Health Records (EHR) system with undisclosed inner workings. How might this secrecy impact their ability to manage vulnerabilities?

    - By making it difficult for the organization to fully comprehend and address system vulnerabilities

  • 44

    A recent security audit revealed several vulnerabilities in your organization's network. Your security team wants to understand the specific tactics, techniques, and procedures (TTPs) that an attacker could potentially use to exploit these vulnerabilities. Which framework would be most appropriate to use?

    - MITRE ATT&CK

  • 45

    Your organization has conducted a vulnerability scan of its network using Nessus and received a report with several vulnerabilities identified. Each vulnerability is accompanied by a Common Vulnerability Scoring System (CVSS) score, but some vulnerabilities have the same CVSS score while others have lower scores but affect critical systems. How should your organization approach these vulnerabilities?

    - Prioritize vulnerabilities by both CVSS score and the criticality of the affected systems

  • 46

    Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?

    - MITRE ATT&CK framework

  • 47

    Which attack methodology framework primarily focuses on understanding the stages of a cyber attack from the reconnaissance to the exploitation, installation, and achieving their objectives?

    - Cyber Kill Chain

  • 48

    What is the primary purpose of compensating controls in information security?

    - To provide alternative security measures when a primary control is not feasible

  • 49

    A company is using a legacy system which is no longer supported by the manufacturer. How might this inhibit the remediation of identified vulnerabilities?

    - No manufacturer support means no access to necessary patches or updates for fixing vulnerabilities.

  • 50

    You have been hired to investigate a possible insider threat from a user named Terri. Which of the following commands would successfully look through all the log files in "/var/log" for any references to "Terri" or "terri" on a Linux server?

    - find /var/log/ -exec grep -H -e "[Tt]erri" {} \; 2> /dev/null

  • 51

    According to the MITRE ATT&CK framework, which of the following types of capabilities would an adversary need to identify and exploit zero-day vulnerabilities?

    - Developed

  • 52

    Ted, a file server administrator, has noticed that a large number of sensitive files have been transferred from a corporate workstation to an IP address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company’s security analyst, who verifies that the workstation’s anti-malware solution is up-to-date, and the network’s firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?

    - Zero-day

  • 53

    John is a cybersecurity consultant who wants to sell his services to an organization. In preparation for his first meeting with the client, John wants to conduct a vulnerability scan of their network to show the client how much they need his services. What is the most significant issue with John conducting this scan of the organization’s network?

    - John does not have permission to perform the scan

  • 54

    In the event of a security incident, what is the primary reason for ensuring thorough and accurate communication with legal and public relations teams?

    - It helps manage legal risk and public perception of the incident

  • 55

    You are applying for a job at a cybersecurity firm. The application requests that you enter your social security number, date of birth, and email address to conduct a background check as part of the hiring process. Which of the following types of information have you been asked to provide?

    - PII

  • 56

    You are analyzing the logs of a web server and see the following entry: /// Based on this entry, which of the following attacks was attempted?

    - XSS

  • 57

    In the preparation phase of the incident management life cycle, which aspect involves assembling and maintaining a collection of scripts, applications, and other software that can be used to respond to a cyber threat effectively?

    - Tools

  • 58

    The incident response team leader has asked you to perform a forensic examination on a workstation suspected of being infected with malware. You remember from your training that you must collect digital evidence in the proper order to protect it from being changed during your evidence collection efforts. Which of the following describes the correct sequence to collect the data from the workstation?

    - CPU cache, RAM, Swap, Hard drive

  • 59

    Which of the following command-line tools would you use to identify open ports and services on a host along with the version of the application that is associated with them?

    - nmap

  • 60

    An insurance company has developed a new web application to allow its customers to choose and apply for an insurance plan. You have been asked to help perform a security review of the new web application. You have discovered that the application was developed in ASP and uses MSSQL for its backend database. You located the application's search form and entered the following code in the search input field: /// When you click submit on the search form, your web browser returns a pop-up window that displays Vulnerable_to_Attack. Which of the following vulnerabilities did you discover in the web application?

    - Cross-site scripting

  • 61

    Fail to Pass Systems has just become the latest victim of a large-scale data breach by an APT. Your initial investigation confirms that a massive exfiltration of customer data has occurred. Which of the following actions do you recommend to the CEO of Fail to Pass Systems in handling this data breach?

    - Conduct notification to all affected customers within 72 hours of the discovery of the breach

  • 62

    When you purchase an exam voucher at diontraining.com, the system only collects your name, email, and credit card information. Which of the following privacy methods is being used by Dion Training?

    - Data minimization

  • 63

    A penetration tester discovered a web server running IIS 4.0 during their enumeration phase. The tester decided to use the msadc.pl attack script to execute arbitrary commands on the web server. While the msadc.pl script is effective, the pentester found it too monotonous to perform extended functions. During further research, the penetration tester found a Perl script that runs the following msadc commands: /// Which exploit is indicated by this script?

    - Chained exploit

  • 64

    A threat intelligence analyst is researching a new indicator of compromise. At the same time, the web proxy server generated an alert for this same indicator of compromise. When asked about this alert, the analyst insists that they did not visit any of the related sites; instead, the sites were listed on the results page of their search engine query. Which of the following is the BEST explanation for what has occurred?

    - Prefetch is enabled on the analyst’s web browser

  • 65

    Jason has installed multiple virtual machines on a single physical server. He needs to ensure that the traffic is logically separated between each virtual machine. How can Jason best implement this requirement?

    - Configure a virtual switch on the physical server and create VLANs

  • 66

    William evaluates the potential impact of a confidentiality risk and determines that the disclosure of information contained on a system could have a limited adverse effect on the organization. Using FIPS 199, how should he classify the confidentiality impact?

    - Low

  • 67

    Which of the following would an adversary do during the 'reconnaissance' phase of the Lockheed Martin kill chain? (SELECT THREE)

    - Discover servers facing the public internet
    - Harvest email addresses
    - Identify employees on Social Media networks

  • 68

    A penetration tester is using a known vulnerability to compromise an Apache web server. After they gain access to the server, what is their next step to pivot to a protected system behind the DMZ?

    - Privilege escalation

  • 69

    As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statements BEST explains these results?

    - An uncredentialed scan of the network was performed

  • 70

    An organization wants to get an external attacker’s perspective on their security status. Which of the following services should they purchase?

    - Penetration test

  • 71

    Dion Training wants to install a new accounting system and is considering moving to a cloud-based solution to reduce cost, reduce the information technology overhead costs, improve reliability, and improve availability. Your Chief Information Officer is supportive of this move since it will be more fiscally responsible. Still, the Chief Risk Officer is concerned with housing all of the company’s confidential financial data in a cloud provider’s network that might be shared with other companies. Since the Chief Information Officer is determined to move to the cloud, what type of cloud-based solution would you recommend to account for the Chief Risk Officer’s concerns?

    - SaaS in a private cloud

  • 72

    You are investigating traffic involving three separate IP addresses (192.168.66.6, 10.66.6.10, and 172.16.66.1). Which REGEX expression would you use to be able to capture ONLY those three IP addresses in a single statement?

    - \b(192\.168\.66\.6)|(10\.66\.6\.10)|(172\.16\.66\.1)\b

  • 73

    Christina is auditing the security procedures related to the use of a cloud-based online payment service. She notices that the access permissions are set so that a single person cannot both add funds to the account and transfer funds out of the account. What security principle is most closely related to this scenario?

    - Separation of duties

  • 74

    You are analyzing DNS logs looking for indicators of compromise associated with the use of a fast-flux network. You are already aware that the names involved in this particular fast-flux network are longer than 50 characters and always end in a .org top-level domain. Which of the following REGEX expressions would you use to filter DNS traffic that matches this?

    - \b[A-Za-z0-9\.\-]{50,251}+\.org

  • 75

    After a successful spear-phishing attack, an adversary has gained access to your organization's network. The adversary then performs a Pass-the-Hash attack to gain administrative privileges, moves horizontally in the network, and finally exfiltrates sensitive data. Which stage of the MITRE ATT&CK framework does this movement represent?

    - Lateral Movement

  • 76

    In the process of fine-tuning your incident management lifecycle, you decide to execute simulated incident scenarios. These scenarios are designed to evaluate how well your incident response plans work and boost the readiness of your response teams. What element of the preparation phase does this practice best represent?

    - Tabletop exercises

  • 77

    Which of the following categories would contain information about a French citizen's race or ethnic origin?

    - SPI

  • 78

    A cybersecurity analyst working at a major university is reviewing the SQL server log of completed transactions and notices the following entry: /// Based on this transaction log, which of the following most likely occurred?

    - Someone used an SQL injection to assign straight A's to the student with ID #1235235

  • 79

    A cybersecurity analyst is working at a college that wants to increase its network's security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally-managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?

    - Active scanning engine installed on the enterprise console

  • 80

    Tim is working to prevent any remote login attacks to the root account of a Linux system. What method would be the best option to stop attacks like this while still allowing normal users to connect using ssh?

    - Change sshd_config to deny root login

  • 81

    Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent users from gaining access to network resources if they can plug their laptops into the network?

    - NAC

  • 82

    During a recent security incident, you, as an incident responder, documented each action and decision that took place, from the initial detection to final remediation. This detailed timeline could prove particularly useful for which part of the incident response reporting?

    - Lessons learned

  • 83

    Your organization is updating its Acceptable Use Policy (AUP) to implement a new password standard that requires a guest's wireless devices to be sponsored before receiving authentication. Which of the following should be added to the AUP to support this new requirement?

    - All guests must provide valid identification when registering their wireless devices for use on the network

  • 84

    A cybersecurity analyst is attempting to classify network traffic within an organization. The analyst runs the tcpdump command and receives the following output: /// Which of the following statements is true based on this output?

    - 10.0.19.121 is a client that is accessing an SSH server over port 52497

  • 85

    Your organization's threat intelligence team discovered a plan to sell your company's sensitive data on the dark web. What action would you expect the team to take next?

    - Notify your CSIRT and cooperate with them to protect the company's sensitive data

  • 86

    An organization's security team has recently discovered several vulnerabilities within its systems. Why is it crucial for these vulnerabilities to be thoroughly reported and communicated within the organization?

    - It ensures that the organization maintains compliance with required security standards and protocols

  • 87

    In the Cyber Kill Chain, which phase involves the attacker taking advantage of a vulnerability in the system or application to execute the delivered payload?

    - Exploitation

  • 88

    How can the fear of business process interruption potentially inhibit the remediation of identified vulnerabilities?

    - May lead to delays in performing system maintenance and patching

  • 89

    Which of the following is NOT a part of the security incident validation effort?

    - Sanitization

  • 90

    Considering a scenario where an international space station's proprietary operational software is discovered to have numerous zero-day and critical vulnerabilities, why would the unique implications of these specific vulnerabilities in such a high-stakes and isolated environment necessitate an immediate and expedited response?

    - These types of vulnerabilities pose the highest risk to the environment



    - Supplemented

  • 12

    What kind of security vulnerability would a newly discovered flaw in a software application be considered?

    - Zero-day vulnerability

  • 13

    Which of the following provides a cryptographic authentication mechanism to positively identify an organization as the authorized sender of email for a particular domain name?

    - DKIM

  • 14

    Your company is adopting a cloud-first architecture model. Management wants to decommission the on-premises SIEM your analysts use and migrate it to the cloud. Which of the following is the most serious issue with using this approach?

    - Legal and regulatory issues may prevent data migration to the cloud

  • 15

    You are conducting a code review of a program and observe that the following calculation of 0xffffffff + 1 was attempted, but the result was returned as 0x0000000. Based on this, what type of exploit could be created against this program?

    - Integer overflow attack

  • 16

    During a vulnerability scan of your network, you identified a vulnerability on an appliance installed by a vendor on your network under an ongoing service contract. You do not have access to the appliance's operating system as the device was installed under a support agreement with the vendor. What is your best course of action to remediate or mitigate this vulnerability?

    - Contact the vendor to provide an update or to remediate the vulnerability

  • 17

    Evaluate the following log entry: /// Based on this log entry, which of the following statements are true?

    - An attempted connection to the telnet service was prevented, - The packet was blocked inbound to the network

  • 18

    What is a reverse proxy commonly used for?

    - Directing traffic to internal services if the contents of the traffic comply with the policy

  • 19

    Your organization has recently suffered a data breach due to a server being exploited. As a part of the remediation efforts, the company wants to ensure that the default administrator password on each of the 1250 workstations on the network is changed. What is the easiest way to perform this password change requirement?

    - Deploy a new group policy

  • 20

    Consider the following REGEX search string: /// Which of the following strings would NOT be included in the output of this search?

    - 37.259.129.207

  • 21

    You have recently been hired as a security analyst at Dion Training. On your first day, your supervisor begins to explain the way their network is configured, showing you the physical and logical placement of each firewall, IDS sensor, host-based IPS installations, the networked spam filter, and the DMZ. What best describes how these various devices are placed into the network for the highest level of security?

    - Defense in depth

  • 22

    Edward's bank recently suffered an attack where an employee made an unauthorized modification to a customer's bank balance. Which tenet of cybersecurity was violated by this employee's actions?

    - Integrity

  • 23

    You have just returned from a business trip to a country with a high intellectual property theft rate. Which of the following precautions should you take before reconnecting your laptop to your corporate network? (SELECT TWO)

    - The laptop should be physically inspected and compared with images made before you left, - The laptop should be scanned for malware

  • 24

    You just visited an e-commerce website by typing in its URL during a vulnerability assessment. You discovered that an administrative web frontend for the server's backend application is accessible over the internet. Testing this frontend, you discovered that the default password for the application is accepted. Which of the following recommendations should you make to the website owner to remediate this discovered vulnerability? (SELECT THREE)

    - Require two-factor authentication for access to the application, - Whitelist all specific IP blocks that use this application, - Change the username and default password

  • 25

    Why is it important to analyze time to detect?

    - Allows for measurable evaluation of the effectiveness of the vulnerability management process

  • 26

    A cybersecurity analyst conducts an incident response at a government agency when she discovers that attackers had exfiltrated PII. Which of the following types of breaches has occurred?

    - Privacy breach

  • 27

    Which of the following roles should be assigned to the incident response team? (SELECT FOUR)

    - Management, - Legal, - Public relations, - Human resources

  • 28

    You're examining system logs for potential security incidents when you encounter the following command: nc -lvnp 4444 -e /bin/bash What does this command suggest?

    - Potential Reverse Shell

  • 29

    During the Sony Pictures hack in 2014, the attackers installed a wiper malware named Destover on Sony's systems to erase data. Which phase of the Cyber Kill Chain does this represent?

    - Installation

  • 30

    Your organization is preparing for its required quarterly PCI DSS external vulnerability scan. Who is authorized to perform this scan?

    - Only an approved scanning vendor

  • 31

    If an administrator cannot fully remediate a vulnerability, which of the following should they implement?

    - A compensating control

  • 32

    Which of the following would be used to prevent a firmware downgrade?

    - eFUSE

  • 33

    You have just completed identifying, analyzing, and containing an incident. You have verified that the company uses self-encrypting drives as part of its default configuration. As you begin the eradication and recovery phase, you must sanitize the storage devices' data before restoring the data from known-good backups. Which of the following methods would be the most efficient to use to sanitize the affected hard drives?

    - Perform a cryptographic erase (CE) on the storage devices

  • 34

    What tool can be used as an exploitation framework during your penetration tests?

    - Metasploit

  • 35

    During which incident response phase is the preservation of evidence performed?

    - Containment, eradication, and recovery

  • 36

    In incident management, which post-incident activity is often required when a legal investigation is expected, and involves meticulous examination of all evidence related to the incident?

    - Forensic analysis

  • 37

    A cybersecurity analyst is reviewing the logs of an authentication server and saw the following output: /// What type of attack was most likely being attempted by the attacker?

    - Brute force

  • 38

    Susan is worried about the security of the master account associated with a cloud service and the access to it. This service is used to manage payment transactions. She has decided to implement a new multifactor authentication process where one individual has the password to the account, while another user in the accounting department has a physical token to the account. To log in to the cloud service with this master account, both users would need to come together. What principle is Susan implementing by using this approach?

    - Dual control authentication

  • 39

    Which of the following types of output encoding is being used in the following output? ///

    - Base64

  • 40

    Which of the following vulnerabilities can be prevented by using proper input validation? (SELECT ANY THAT APPLY)

    - XML injection, - SQL injection, - Directory traversal, - Cross-site scripting

  • 41

    Julie was just hired to conduct a security assessment of Dion Training’s security policies. During her assessment, she noticed that many users were sharing group accounts to conduct their work roles. Julie recommended that the group accounts be eliminated and instead have an account created for each user. What improvement will this recommended action provide for the company?

    - Increase individual accountability

  • 42

    If a company's Service Level Objectives (SLOs) mandate that critical vulnerabilities be patched within a specific timeframe, why would monitoring adherence to this SLO be a valuable Key Performance Indicator (KPI) for vulnerability management?

    - To measure the effectiveness of the vulnerability management program

  • 43

    A healthcare facility is using a proprietary Electronic Health Records (EHR) system with undisclosed inner workings. How might this secrecy impact their ability to manage vulnerabilities?

    - By making it difficult for the organization to fully comprehend and address system vulnerabilities

  • 44

    A recent security audit revealed several vulnerabilities in your organization's network. Your security team wants to understand the specific tactics, techniques, and procedures (TTPs) that an attacker could potentially use to exploit these vulnerabilities. Which framework would be most appropriate to use?

    - MITRE ATT&CK

  • 45

    Your organization has conducted a vulnerability scan of its network using Nessus and received a report with several vulnerabilities identified. Each vulnerability is accompanied by a Common Vulnerability Scoring System (CVSS) score, but some vulnerabilities have the same CVSS score while others have lower scores but affect critical systems. How should your organization approach these vulnerabilities?

    - Prioritize vulnerabilities by both CVSS score and the criticality of the affected systems

  • 46

    Which analysis framework provides the most explicit detail regarding how to mitigate or detect a given threat?

    - MITRE ATT&CK framework

  • 47

    Which attack methodology framework primarily focuses on understanding the stages of a cyber attack, from reconnaissance through exploitation and installation to the attacker achieving their objectives?

    - Cyber Kill Chain

  • 48

    What is the primary purpose of compensating controls in information security?

    - To provide alternative security measures when a primary control is not feasible

  • 49

    A company is using a legacy system which is no longer supported by the manufacturer. How might this inhibit the remediation of identified vulnerabilities?

    - No manufacturer support means no access to necessary patches or updates for fixing vulnerabilities.

  • 50

    You have been hired to investigate a possible insider threat from a user named Terri. Which of the following commands would successfully look through all the log files in "/var/log" for any references to "Terri" or "terri" on a Linux server?

    - find /var/log/ -exec grep -H -e "[Tt]erri" {} \; 2> /dev/null

  • 51

    According to the MITRE ATT&CK framework, which of the following types of capabilities would an adversary need to identify and exploit zero-day vulnerabilities?

    - Developed

  • 52

    Ted, a file server administrator, has noticed that a large number of sensitive files have been transferred from a corporate workstation to an IP address outside of the local area network. Ted looks up the IP address and determines that it is located in a foreign country. Ted contacts his company’s security analyst, who verifies that the workstation’s anti-malware solution is up-to-date, and the network’s firewall is properly configured. What type of attack most likely occurred to allow the exfiltration of the files from the workstation?

    - Zero-day

  • 53

    John is a cybersecurity consultant that wants to sell his services to an organization. In preparation for his first meeting with the client, John wants to conduct a vulnerability scan of their network to show the client how much they need his services. What is the most significant issue with John conducting this scan of the organization’s network?

    - John does not have permission to perform the scan

  • 54

    In the event of a security incident, what is the primary reason for ensuring thorough and accurate communication with legal and public relations teams?

    - It helps manage legal risk and public perception of the incident

  • 55

    You are applying for a job at a cybersecurity firm. The application requests that you enter your social security number, date of birth, and email address to conduct a background check as part of the hiring process. Which of the following types of information have you been asked to provide?

    - PII

  • 56

    You are analyzing the logs of a web server and see the following entry: /// Based on this entry, which of the following attacks was attempted?

    - XSS

  • 57

    In the preparation phase of the incident management life cycle, which aspect involves assembling and maintaining a collection of scripts, applications, and other software that can be used to respond to a cyber threat effectively?

    - Tools

  • 58

    The incident response team leader has asked you to perform a forensic examination on a workstation suspected of being infected with malware. You remember from your training that you must collect digital evidence in the proper order to protect it from being changed during your evidence collection efforts. Which of the following describes the correct sequence to collect the data from the workstation?

    - CPU cache, RAM, Swap, Hard drive

  • 59

    Which of the following command-line tools would you use to identify open ports and services on a host along with the version of the application that is associated with them?

    - nmap

  • 60

    An insurance company has developed a new web application to allow its customers to choose and apply for an insurance plan. You have been asked to help perform a security review of the new web application. You have discovered that the application was developed in ASP and used MSSQL for its backend database. You have been able to locate an application's search form and introduced the following code in the search input field: /// When you click submit on the search form, your web browser returns a pop-up window that displays Vulnerable_to_Attack. Which of the following vulnerabilities did you discover in the web application?

    - Cross-site scripting

  • 61

    Fail to Pass Systems has just become the latest victim in a large scale data breach by an APT. Your initial investigation confirms a massive exfiltration of customer data has occurred. Which of the following actions do you recommend to the CEO of Fail to Pass Systems in handling this data breach?

    - Conduct notification to all affected customers within 72 hours of the discovery of the breach

  • 62

    When you purchase an exam voucher at diontraining.com, the system only collects your name, email, and credit card information. Which of the following privacy methods is being used by Dion Training?

    - Data minimization

  • 63

    A penetration tester discovered a web server running IIS 4.0 during their enumeration phase. The tester decided to use the msadc.pl attack script to execute arbitrary commands on the web server. While the msadc.pl script is effective, the pentester found it too monotonous to perform extended functions. During further research, the penetration tester found a perl script that runs the following msadc commands: /// Which exploit is indicated by this script?

    - Chained exploit

  • 64

    A threat intelligence analyst is researching a new indicator of compromise. At the same time, the web proxy server generated an alert for this same indicator of compromise. When asked about this alert, the analyst insists that they did not visit any of the related sites, but instead, they were listed on the results page of their search engine query. Which of the following is the BEST explanation for what has occurred?

    - Prefetch is enabled on the analyst’s web browser

  • 65

    Jason has installed multiple virtual machines on a single physical server. He needs to ensure that the traffic is logically separated between each virtual machine. How can Jason best implement this requirement?

    - Configure a virtual switch on the physical server and create VLANs

  • 66

    William evaluates the potential impact of a confidentiality risk and determines that the disclosure of information contained on a system could have a limited adverse effect on the organization. Using FIPS 199, how should he classify the confidentiality impact?

    - Low

  • 67

    Which of the following would an adversary do during the 'reconnaissance' phase of the Lockheed Martin kill chain? (SELECT THREE)

    - Discover servers facing the public internet, - Harvest email addresses, - Identify employees on Social Media networks

  • 68

    A penetration tester is using a known vulnerability to compromise an Apache webserver. After they gain access to the server, what is their next step to pivot to a protected system behind the DMZ?

    - Privilege escalation

  • 69

    As a cybersecurity analyst conducting vulnerability scans, you have just completed your first scan of an enterprise network comprising over 10,000 workstations. As you examine your findings, you note that you have less than 1 critical finding per 100 workstations. Which of the following statements BEST explains these results?

    - An uncredentialed scan of the network was performed

  • 70

    An organization wants to get an external attacker’s perspective on their security status. Which of the following services should they purchase?

    - Penetration test

  • 71

    Dion Training wants to install a new accounting system and is considering moving to a cloud-based solution to reduce cost, reduce the information technology overhead costs, improve reliability, and improve availability. Your Chief Information Officer is supportive of this move since it will be more fiscally responsible. Still, the Chief Risk Officer is concerned with housing all of the company’s confidential financial data in a cloud provider’s network that might be shared with other companies. Since the Chief Information Officer is determined to move to the cloud, what type of cloud-based solution would you recommend to account for the Chief Risk Officer’s concerns?

    - SaaS in a private cloud

  • 72

    You are investigating traffic involving three separate IP addresses (192.168.66.6, 10.66.6.10, and 172.16.66.1). Which REGEX expression would you use to be able to capture ONLY those three IP addresses in a single statement?

    - \b(192\.168\.66\.6)|(10\.66\.6\.10)|(172\.16\.66\.1)\b

  • 73

    Christina is auditing the security procedures related to the use of a cloud-based online payment service. She notices that the access permissions are set so that a single person cannot both add funds to the account and transfer funds out of the account. What security principle is most closely related to this scenario?

    - Separation of duties

  • 74

    You are analyzing DNS logs looking for indicators of compromise associated with the use of a fast-flux network. You are already aware that the names involved in this particular fast-flux network are longer than 50 characters and always end in a .org top-level domain. Which of the following REGEX expressions would you use to filter DNS traffic that matches this?

    - \b[A-Za-z0-9\.\-]{50,251}+\.org

  • 75

    After a successful spear-phishing attack, an adversary has gained access to your organization's network. The adversary then performs a Pass-the-Hash attack to gain administrative privileges, moves horizontally in the network, and finally exfiltrates sensitive data. Which stage of the MITRE ATT&CK framework does this movement represent?

    - Lateral Movement

  • 76

    In the process of fine-tuning your incident management lifecycle, you decide to execute simulated incident scenarios. These scenarios are designed to evaluate how well your incident response plans work and boost the readiness of your response teams. What element of the preparation phase does this practice best represent?

    - Tabletop exercises

  • 77

    Which of the following categories would contain information about a French citizen's race or ethnic origin?

    - SPI

  • 78

    A cybersecurity analyst working at a major university is reviewing the SQL server log of completed transactions and notices the following entry: /// Based on this transaction log, which of the following most likely occurred?

    - Someone used an SQL injection to assign straight A's to the student with ID #1235235

  • 79

    A cybersecurity analyst is working at a college that wants to increase its network's security by implementing vulnerability scans of centrally managed workstations, student laptops, and faculty laptops. Any proposed solution must scale up and down as new students and faculty use the network. Additionally, the analyst wants to minimize the number of false positives to ensure accuracy in their results. The chosen solution must also be centrally-managed through an enterprise console. Which of the following scanning topologies would be BEST able to meet these requirements?

    - Active scanning engine installed on the enterprise console

  • 80

    Tim is working to prevent any remote login attacks to the root account of a Linux system. What method would be the best option to stop attacks like this while still allowing normal users to connect using ssh?

    - Change sshd_config to deny root login

  • 81

    Dion Training utilizes a wired network throughout the building to provide network connectivity. Jason is concerned that a visitor might plug their laptop into a CAT 5e wall jack in the lobby and access the corporate network. What technology should be utilized to prevent users from gaining access to network resources if they can plug their laptops into the network?

    - NAC

  • 82

    During a recent security incident, you, as an incident responder, documented each action and decision that took place, from the initial detection to final remediation. This detailed timeline could prove particularly useful for which part of the incident response reporting?

    - Lessons learned

  • 83

    Your organization is updating its Acceptable User Policy (AUP) to implement a new password standard that requires a guest's wireless devices to be sponsored before receiving authentication. Which of the following should be added to the AUP to support this new requirement?

    - All guests must provide valid identification when registering their wireless devices for use on the network

  • 84

    A cybersecurity analyst is attempting to classify network traffic within an organization. The analyst runs the tcpdump command and receives the following output: /// Which of the following statements is true based on this output?

    - 10.0.19.121 is a client that is accessing an SSH server over port 52497

  • 85

    Your organization's threat intelligence team discovered a plan to sell your company's sensitive data on the dark web. What action would you expect the team to take next?

    - Notify your CSIRT and cooperate with them to protect the company's sensitive data

  • 86

    An organization's security team has recently discovered several vulnerabilities within its systems. Why is it crucial for these vulnerabilities to be thoroughly reported and communicated within the organization?

    - It ensures that the organization maintains compliance with required security standards and protocols

  • 87

    In the Cyber Kill Chain, which phase involves the attacker taking advantage of a vulnerability in the system or application to execute the delivered payload?

    - Exploitation

  • 88

    How can the fear of business process interruption potentially inhibit the remediation of identified vulnerabilities?

    - May lead to delays in performing system maintenance and patching

  • 89

    Which of the following is NOT a part of the security incident validation effort?

    - Sanitization

  • 90

    Considering a scenario where an international space station's proprietary operational software is discovered to have numerous zero-day and critical vulnerabilities, why would the unique implications of these specific vulnerabilities in such a high-stakes and isolated environment necessitate an immediate and expedited response?

    - These types of vulnerabilities pose the highest risk to the environment